thanks so I have a huge wall of alerts with kaspersky antivirus personal root certificate must be some compatibility stuff with KA free
It been renamed to NoSnoop. Although, the download link is not working at the moment until the author fixes it.
The download link for NoSnoop works now. https://www.trustprobe.com/fs1/download.php?appname=NoSnoop.zip
Quite an interesting tool! I'm on Cox Internet. I had an alert on "huawei.com" and an occasional alert on "www.bbc.co.uk" (it is currently NOT alerting) www.bbc.co.uk 0 GlobalSign Root CA - R1 B1BC968BD4F49D622AA89A81F2150152A41D829C www.huawei.com 0 Actalis Authentication Root CA F373B387065A28848AF2F34ACE192BDDC78E9CAC I switched to a third-party's VPN (which sees a random amount of handshake failures). The "huawei.com" detection remained, and I wasn't able to get an alert on "www.bbc.co.uk" (but I can't say if the lack of a BBC hit had any real meaning here or not). www.bbc.co.uk 0 GlobalSign Root CA - R1 B1BC968BD4F49D622AA89A81F2150152A41D829C www.huawei.com 0 Actalis Authentication Root CA F373B387065A28848AF2F34ACE192BDDC78E9CAC Still, the alert on Huawei kind of raises an eyebrow, doesn't it? I noticed someone on Hacker News seeing similar results. If I want to investigate this further, what's my next step? Suggestions for Linux tools are especially welcome. Thanks all.
The zip file used to contain a hostlist.txt; top100.txt when it was MTM Checker. One could whip up one's own hostlist.txt. Not any more. The previous nosnoop.exe was 152 KB and the current exe is 377 KB. Looks like the hosts are now "built in," as hostlist.txt is ignored. https://www.trustprobe.com/ as of this posting opens with: TrustProbe Seriously cool things coming soon! I hope so...
@svenfaw Tried it, but both versions don't even load in windows 10 1909 x64, or fresh windows 10 1909 x64 VM, or fresh windows 7 x64 VM, not sure whats up. No error message, or warnings or window period, just nothing.
Got it working finally, had to change the date to July 8 2019; works only temporarily after each release
v0.82 is now available, with updated certificate thumbprints. https://www.trustprobe.com/fs1/nosnoop.html
The AAA Certificate Services (D1EB23A46D17D68FD92564C2F1F1601764D8E349) alert is a false positive. Fixed in version 0.83.
A possible reason could be if you are using a system-wide adblocker, or have a doubleclick.net entry in your hosts file.
Ha. That explains it, I had a quite a few 'handshake failure N/A', and disabling AdGuard for Windows solved that. Neat. Except for utorrent ... Don't use it so not sure why it's even there ...
New version: v0.87.003 Some more specific host lists have been added: - Email services - Financial services - Communication services
